Lucene search
K

3923 matches found

Positive Technologies
Positive Technologies
added 2026/05/16 12:0 a.m.13 views

PT-2026-41431

Privacy Drive 3.17.0 contains an unquoted service path vulnerability in the pdsvc.exe service binary that allows local attackers to escalate privileges by exploiting the service startup process. Attackers can place malicious executables in the unquoted path directories to execute arbitrary code...

8.5CVSS6.2AI score0.0012EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/16 12:0 a.m.15 views

Cybertron Privacy Drive 代码问题漏洞

Cybertron Privacy Drive is a security software from Cybertron Corporation that supports disk encryption, creation of virtual encrypted volumes, and protection of privacy data. Version 3.17.0 of Cybertron Privacy Drive has a code vulnerability. This vulnerability stems from an unreferenced service...

8.5CVSS6.2AI score0.0012EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/15 7:57 p.m.10 views

CVE-2026-45228

Quark Drive before 0.8.5 contains a stored cross-site scripting vulnerability in the System Configuration page where the template renders pushconfig key names using Vue.js's v-html directive without escaping. Authenticated attackers can inject HTML or JavaScript payloads as key names through the...

5.4CVSS5.8AI score0.00183EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/15 1:57 a.m.10 views

CVE-2026-45229

Quark Drive before 0.8.5 contains a mass assignment vulnerability in the POST /update endpoint that allows authenticated attackers to overwrite administrator credentials by posting an arbitrary webui object to the configdata dictionary. Attackers can exploit insufficient deny-list filtering to...

8.8CVSS5.9AI score0.00367EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/13 9:32 p.m.9 views

EUVD-2026-30174

Quark Drive before 0.8.5 contains a mass assignment vulnerability in the POST /update endpoint that allows authenticated attackers to overwrite administrator credentials by posting an arbitrary webui object to the configdata dictionary. Attackers can exploit insufficient deny-list filtering to...

8.8CVSS5.9AI score0.00367EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/13 9:32 p.m.12 views

EUVD-2026-30173

Quark Drive before 0.8.5 contains a stored cross-site scripting vulnerability in the System Configuration page where the template renders pushconfig key names using Vue.js's v-html directive without escaping. Authenticated attackers can inject HTML or JavaScript payloads as key names through the...

5.4CVSS5.8AI score0.00183EPSS
Exploits0References4
NVD
NVD
added 2026/05/13 9:16 p.m.10 views

CVE-2026-45228

Quark Drive before 0.8.5 contains a stored cross-site scripting vulnerability in the System Configuration page where the template renders pushconfig key names using Vue.js's v-html directive without escaping. Authenticated attackers can inject HTML or JavaScript payloads as key names through the...

5.4CVSS0.00183EPSS
Exploits0References3
NVD
NVD
added 2026/05/13 9:16 p.m.11 views

CVE-2026-45229

Quark Drive before 0.8.5 contains a mass assignment vulnerability in the POST /update endpoint that allows authenticated attackers to overwrite administrator credentials by posting an arbitrary webui object to the configdata dictionary. Attackers can exploit insufficient deny-list filtering to...

8.8CVSS0.00367EPSS
Exploits0References3
CVE
CVE
added 2026/05/13 7:54 p.m.14 views

CVE-2026-45228

Quark Drive

5.4CVSS5.8AI score0.00183EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/13 7:54 p.m.10 views

CVE-2026-45228 Quark Drive (quark-auto-save) < 0.8.5 Stored XSS via System Configuration

Quark Drive before 0.8.5 contains a stored cross-site scripting vulnerability in the System Configuration page where the template renders pushconfig key names using Vue.js's v-html directive without escaping. Authenticated attackers can inject HTML or JavaScript payloads as key names through the...

5.4CVSS5.8AI score0.00183EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/13 7:54 p.m.9 views

CVE-2026-45228

Quark Drive before 0.8.5 contains a stored cross-site scripting vulnerability in the System Configuration page where the template renders pushconfig key names using Vue.js's v-html directive without escaping. Authenticated attackers can inject HTML or JavaScript payloads as key names through the...

5.4CVSS5.8AI score0.00183EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/13 7:54 p.m.32 views

CVE-2026-45228 Quark Drive (quark-auto-save) < 0.8.5 Stored XSS via System Configuration

Quark Drive before 0.8.5 contains a stored cross-site scripting vulnerability in the System Configuration page where the template renders pushconfig key names using Vue.js's v-html directive without escaping. Authenticated attackers can inject HTML or JavaScript payloads as key names through the...

5.4CVSS0.00183EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/13 7:54 p.m.12 views

CVE-2026-45229

Quark Drive before 0.8.5 contains a mass assignment vulnerability in the POST /update endpoint that allows authenticated attackers to overwrite administrator credentials by posting an arbitrary webui object to the configdata dictionary. Attackers can exploit insufficient deny-list filtering to...

8.8CVSS5.9AI score0.00367EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/13 7:54 p.m.9 views

CVE-2026-45229 Quark Drive (quark-auto-save) < 0.8.5 Mass Assignment via POST /update

Quark Drive before 0.8.5 contains a mass assignment vulnerability in the POST /update endpoint that allows authenticated attackers to overwrite administrator credentials by posting an arbitrary webui object to the configdata dictionary. Attackers can exploit insufficient deny-list filtering to...

8.8CVSS5.9AI score0.00367EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/13 7:54 p.m.31 views

CVE-2026-45229 Quark Drive (quark-auto-save) < 0.8.5 Mass Assignment via POST /update

Quark Drive before 0.8.5 contains a mass assignment vulnerability in the POST /update endpoint that allows authenticated attackers to overwrite administrator credentials by posting an arbitrary webui object to the configdata dictionary. Attackers can exploit insufficient deny-list filtering to...

8.8CVSS0.00367EPSS
Exploits0References3
CVE
CVE
added 2026/05/13 7:54 p.m.16 views

CVE-2026-45229

The CVE concerns Quark Drive prior to 0.8.5, where a mass assignment flaw in the POST /update endpoint lets an authenticated attacker overwrite administrator credentials by posting an arbitrary webui object to the config_data dictionary. Poor deny-list filtering enables permanent replacement of s...

8.8CVSS5.9AI score0.00367EPSS
Exploits0References3
OSV
OSV
added 2026/05/13 3:13 p.m.7 views

BIT-MINIO-2026-42600 MinIO: Path Traversal via msgpack Body in `ReadMultiple` Storage-REST Endpoint

MinIO is a high-performance object storage system. From 2022.07.24 to before 2026.04.14, A path traversal vulnerability in MinIO's ReadMultiple internode storage-REST endpoint allows a caller holding the cluster root JWT to read files from outside the configured drive roots, bounded only by the...

6.9CVSS5.8AI score0.08457EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.13 views

PT-2026-40801

Name of the Vulnerable Software and Affected Versions Quark Drive versions prior to 0.8.5 Description A mass assignment issue exists in the "POST /update" endpoint. Authenticated attackers can overwrite administrator credentials by submitting an arbitrary webui object to the config data dictionar...

8.8CVSS5.9AI score0.00367EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.9 views

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from issues with the LPM component of the ST1000DM010-2EP102 hard drive. This vulnerability may...

5.8AI score0.00114EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.12 views

Drive Software Atomic Alarm Clock 安全漏洞

Drive Software Atomic Alarm Clock is a desktop enhancement tool developed by Drive Software. Version 6.3 of Drive Software Atomic Alarm Clock contains a security vulnerability. This vulnerability stems from a stack overflow issue, which could allow local attackers to execute arbitrary code by...

8.6CVSS6.3AI score0.00152EPSS
Exploits0References1
Rows per page
Query Builder